Allowing BitLocker encryption on Windows 10 devices Skip Navigation

Allowing BitLocker encryption on 
Windows 10

BitLocker Drive Encryption is a data protection feature of the operating system that helps mitigate unauthorized data access when a device is lost or stolen. You can allow BitLocker encryption on 
Windows 10
 devices and protection is strengthened if the device also has a Trusted Platform Module (TPM), which gives you the option to require additional authentication at startup (for example, a startup key, PIN, or removable USB drive). In 
BlackBerry UEM
, you can also create a compliance profile to prevent users from disabling BitLocker to enforce its use on devices that require encryption.
You can configure the recovery options to access a BitLocker-protected operating system or data drives. Users can access recovery keys from the 
Active Directory
 console, and if enabled, recovery passwords can be backed up to 
Active Directory
 Domain Services so that an administrator can recover them using the BitLocker Recovery Password Viewer tool.
Configure the following 
 IT policy rules to support BitLocker encryption on 
Windows 10
  • BitLocker encryption method for desktop 
  • Allow storage card encryption prompts on the device 
  • Allow BitLocker Device Encryption to enable encryption on the device 
  • Set default encryption methods for each drive type 
  • Require additional authentication at startup 
  • Require minimum PIN length for startup 
  • Pre-boot recovery message and URL 
  • BitLocker OS drive recovery options 
  • BitLocker fixed drive recovery options 
  • Require BitLocker protection for fixed data drives 
  • Require BitLocker protection for removable data drives 
  • Allow recovery key location prompt
  • Enable encryption for standard users 
For more information about the BitLocker IT policy rules, see the Policy Reference Spreadsheet.